in pkg/k8scontext/secretstore.go [88:170]
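// ConvertSecret validates a kubernetes.io/tls secret, converts its PEM
// certificate and private key into a password-protected PKCS#12 (PFX) blob
// by invoking the openssl CLI, and stores the blob in s.Cache under
// secretKey (updating an existing entry, adding a new one otherwise).
//
// secretKey names the secret in the cache and in error messages; secret is
// the Kubernetes secret to convert. It returns nil on success, or a
// controllererrors error identifying the failing step: nil/wrong-type
// secret, missing tls.crt or tls.key, temp-file creation or write failure,
// or an openssl failure (a non-zero exit, or an exit with no PFX output).
//
// Operational notes: the private key is staged on local disk in the temp
// directory for the duration of the call (os.CreateTemp creates it with
// mode 0600 and it is removed on return), and the PFX export password is a
// fixed literal passed on the openssl command line, so it is visible in the
// node's process list while openssl runs and offers no confidentiality.
func (s *SecretsStore) ConvertSecret(secretKey string, secret *v1.Secret) error {
	// Conversions share the cache and the temp-file names; run them one at a time.
	s.conversionSync.Lock()
	defer s.conversionSync.Unlock()

	// A nil secret would otherwise panic on the type check below.
	if secret == nil {
		return controllererrors.NewErrorf(
			controllererrors.ErrorMalformedSecret,
			"secret [%v] is malformed, secret is nil", secretKey,
		)
	}

	if secret.Type != v1.SecretTypeTLS {
		return controllererrors.NewErrorf(
			controllererrors.ErrorUnknownSecretType,
			"secret [%v] is not type kubernetes.io/tls", secretKey,
		)
	}

	// Use the API constants for both the presence check and the writes so the
	// two cannot drift apart (the original mixed constants and string literals).
	certPEM := secret.Data[v1.TLSCertKey]
	keyPEM := secret.Data[v1.TLSPrivateKeyKey]
	if len(certPEM) == 0 || len(keyPEM) == 0 {
		return controllererrors.NewErrorf(
			controllererrors.ErrorMalformedSecret,
			"secret [%v] is malformed, tls.key or tls.crt is not defined", secretKey,
		)
	}

	tempfileCert, err := os.CreateTemp("", "appgw-ingress-cert")
	if err != nil {
		return controllererrors.NewErrorWithInnerErrorf(
			controllererrors.ErrorCreatingFile,
			err,
			"unable to create temporary file for certificate conversion",
		)
	}
	// Defers run LIFO: the descriptor is closed before the file is removed, so
	// it is not leaked across the many conversions a controller performs. A
	// second Close (should writeFileDecode already close the file) is harmless.
	// Remove's error is ignored: the file is best-effort cleanup on return.
	defer os.Remove(tempfileCert.Name())
	defer tempfileCert.Close()

	tempfileKey, err := os.CreateTemp("", "appgw-ingress-key")
	if err != nil {
		return controllererrors.NewErrorWithInnerErrorf(
			controllererrors.ErrorCreatingFile,
			err,
			"unable to create temporary file for certificate conversion",
		)
	}
	defer os.Remove(tempfileKey.Name())
	defer tempfileKey.Close()

	if err := writeFileDecode(certPEM, tempfileCert); err != nil {
		return controllererrors.NewErrorWithInnerErrorf(
			controllererrors.ErrorWritingToFile,
			err,
			"unable to write secret [%v].tls.crt to temporary file", secretKey,
		)
	}
	if err := writeFileDecode(keyPEM, tempfileKey); err != nil {
		return controllererrors.NewErrorWithInnerErrorf(
			controllererrors.ErrorWritingToFile,
			err,
			"unable to write secret [%v].tls.key to temporary file", secretKey,
		)
	}

	// Both PEM files are staged; have openssl bundle them into a PFX on stdout.
	// NOTE(review): no timeout is applied to the child process; a hung openssl
	// holds conversionSync for every other caller — confirm whether the caller
	// bounds this, or add exec.CommandContext once a context is plumbed through.
	var cout, cerr bytes.Buffer
	cmd := exec.Command("openssl", "pkcs12", "-export", "-in", tempfileCert.Name(), "-inkey", tempfileKey.Name(), "-password", "pass:msazure")
	cmd.Stderr = &cerr
	cmd.Stdout = &cout

	if err := cmd.Run(); err != nil {
		return controllererrors.NewErrorWithInnerErrorf(
			controllererrors.ErrorExportingWithOpenSSL,
			err,
			"unable to export using openssl, error=[%v], stderr=[%v]", err, cerr.String(),
		)
	}
	// A clean exit with nothing on stdout is still a failure; report it without
	// the misleading "error=[<nil>]" the combined check used to produce.
	if cout.Len() == 0 {
		return controllererrors.NewErrorf(
			controllererrors.ErrorExportingWithOpenSSL,
			"unable to export using openssl, no output produced, stderr=[%v]", cerr.String(),
		)
	}
	pfxCert := cout.Bytes()

	// TODO i'm not sure if comparison against existing certificate can help
	// us optimize by eliminating some events
	if _, exists := s.Cache.Get(secretKey); exists {
		s.Cache.Update(secretKey, pfxCert)
	} else {
		s.Cache.Add(secretKey, pfxCert)
	}
	return nil
}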